Chrome release 50 broke the 1Password Chrome Extension? [Caused by Sophos update]
Dear AgileBits community,
Chrome integration started failing on a Win10 system I've been using for a month with the dreaded "code signature could not be verified" error. I believe the failure happened after Google released Chrome 50. I actually uninstalled and reinstalled both the 1Password Chrome Extension, and Chrome itself, but I just can't get the 1Password extension to work anymore.
I've had similar issues with the 1Password extension on Chrome on Server 2012 systems, also without finding a fix, but this is the first time I seen the error on Win10.
Help?
Comments
-
@groundLoop: Hmm. I'm not getting that at all with Chrome 50 on Windows 10. Make sure you update both the 1Password app and extension, and restart Windows.
Typically, however, the code signature verification fails because the browser has been modified, or something is blocking communications between it and 1Password, such as "security" software. Did you perhaps have another update that happened to coincide with Chrome?
0 -
@brenty - thank's for the input. Indeed, nothing ever stays the same. The Win10 box in question is also running both Microsoft EMET 5.5.x and Sophos Anti-Virus. Sophos released a significant update during the same time frame (SAV 10.6.3).
EMET is not configured to protect either the 1Password or Chrome processes, so I doubt EMET is interfering. I'll investigate the possibility that Sophos is causing the issue.
0 -
@brenty - What's a pirate's favorite letter? You may think "Rrrrr.....", but I prefer the "C"
Right... disabling Sophos On-Access scanning fixes the issue. Sophos is not logging any errors, at least none that I've been able to find, about when and why it is interfering with the 1Password process. I just ratcheted up Sophos' logging settings. Perhaps I'll learn more there.
0 -
By trial and error, I managed to identify the Sophos feature that is causing the issue: "Web Protection." ** Disabling the Web Protection "Content Scanning" option solves the issue. **
Interestingly, the advice mentioned in this 2014 AgileBits article helped, but in this context, had to be applied differently.
For the enterprise IT admins out there responsible for managing Sophos via the Sophos Enterprise Console, the following trick works:
- Open Anti-Virus and HIPS policy > Authorization > Websites
- Add "127.0.0.1" to the "Authorized" list
That fix will let you use 1Password with Chrome, without having to completely disable Web Protection Content Scanning.
0 -
Hi @groundLoop,
This is the latest version of the Sophos support article we have: https://support.1password.com/configure-sophos/win.html
On the bottom, it includes the identical information as you mentioned, can you confirm if that's accurate still in the latest Sophos versions or has it been completely overhauled in the most recent version as you mentioned earlier?
/cc @AlexHoffmann
0 -
100% correct! My notes describe how to configure the same exception using Sophos' management platform, Sophos Enterprise Console.
Interestingly, I did not need to create this exception until Sophos released SAV 10.6.2 to the general public.
0 -
Hi @groundLoop,
That is unusual as it's always been the case for many years now. We'll try to get in touch with Sophos to see if they changed anything we should know.
Thanks for your help!
0